hosts/losurdo/syncoid.nix

   1 { lib, config, inputs, hostName, ... }:
   2 let
   3   inherit (config) networking;
   4   inherit (config.services) syncoid;
   5   inherit (config.users) groups;
   6   losurdo2das1 = path: conf: lib.mapAttrs (_n: v: lib.recursiveUpdate v conf) {
   7     "${hostName}/${path}2das1" = {
   8       source = "${hostName}/${path}";
   9       target = "das1/julm/backup/losurdo/${path}";
  10       sendOptions = "raw";
  11       recursive = true;
  12     };
  13   };
  14   mermet2losurdo = path: conf: lib.mapAttrs (_n: v: lib.recursiveUpdate v conf) {
  15     /*
  16       "backup@mermet.${networking.domain}:rpool/${path}" = {
  17       target = "${hostName}/backup/mermet/${path}";
  18       sendOptions = "raw";
  19       recursive = true;
  20       };
  21       "${hostName}/backup/mermet/${path}" = {
  22     */
  23     "backup@mermet.${networking.domain}:rpool/${path}" = {
  24       target = "das1/julm/backup/mermet/${path}";
  25       sendOptions = "raw";
  26       recursive = true;
  27     };
  28   };
  29 in
  30 {
  31   networking.nftables.ruleset = lib.mkBefore ''
  32     table inet filter {
  33       chain output-net {
  34         skuid @nixos_syncoid_uids \
  35           meta l4proto tcp \
  36           counter accept \
  37           comment "syncoid: SSH"
  38       }
  39     }
  40   '';
  41   systemd.tmpfiles.rules = [
  42     "z /dev/zfs 0660 - disk  -"
  43   ];
  44   services.syncoid = {
  45     enable = true;
  46     interval = "*-*-* *:05:00";
  47     #interval = "*:0/1";
  48     sshKey = "sshKey:${syncoid/sshKey.cred}";
  49     commonArgs = [
  50       #"--debug"
  51       "--no-sync-snap"
  52       "--create-bookmark"
  53       #"--no-privilege-elevation"
  54       #"--no-stream"
  55       #"--preserve-recordsize"
  56       #"--preserve-properties"
  57     ];
  58     service = {
  59       serviceConfig.Group = groups."disk".name;
  60     };
  61     commands = {
  62       "${hostName}/home/julm/work" = {
  63         sendOptions = "raw";
  64         target = "backup@mermet.${networking.domain}:rpool/backup/${hostName}/home/julm/work";
  65       };
  66     }
  67     // mermet2losurdo "var" {
  68       extraArgs = [
  69         "--skip-parent"
  70         "--exclude=rpool/var/cache"
  71         "--exclude=rpool/var/lib/nginx"
  72         "--exclude=rpool/var/log"
  73         "--exclude=rpool/var/tmp"
  74       ];
  75     }
  76     // mermet2losurdo "home/julm/mail" { }
  77     // mermet2losurdo "home/julm/log" { }
  78     // losurdo2das1 "home/julm/work" { }
  79     // losurdo2das1 "var/sftp" { }
  80     // losurdo2das1 "var/git" { }
  81     ;
  82   };
  83 }